Symantec Endpoint Protection

| caption = Symantec Endpoint Protection Manager GUI, version 14.2
| developer = [[Broadcom Inc.]]
| latest_release_version = 14.3 RU9 (Build 11216)
| latest_release_date = {{Start date and age|df=yes|2024|06|24}}<ref>{{cite web|title=What's new for all releases of Symantec Endpoint Protection 14.x|url=https://knowledge.broadcom.com/external/article/154575/release-versions-notes-new-fixes-and-sys.html|website=Release versions, notes, new fixes, and system requirements for Endpoint Security and all versions of Endpoint Protection|publisher=Symantec|date=17 November 2020}}</ref>
| latest_preview_version =
| latest_preview_date =
| genre = [[Anti-malware]], [[intrusion prevention]] and [[Firewall (computing)|firewall]]
| license = [[Trialware]]
| website = {{URL|https://www.broadcom.com/products/cyber-security/endpoint}}
}}
'''Symantec Endpoint Protection''', developed by [[Broadcom Inc.]], is a security software suite that consists of [[anti-malware]], [[intrusion prevention]] and [[Firewall (computing)|firewall]] features for [[server (computing)|server]] and [[desktop computer|desktop]] computers.<ref name="two">{{Cite news |last=Walsh |first=Lawrence |date=November 2007 |title=Troubled Waters |volume=6 |work=CSO Magazine |publisher=[[CXO Media]] |issue=10 |url=https://books.google.com/books?id=LmAEAAAAMBAJ&pg=PA36}}</ref> As of 2017, it had the largest market share of any [[endpoint security]] product.<ref name="gartner">{{Cite web |url=https://www.gartner.com/doc/reprints?id=1-3N82LG5&ct=161205&st=sb |title=Magic Quadrant for Endpoint Protection Platforms |last=Ouellet |first=Eric |last2=McShane |first2=Ian |date=30 January 2017 |website=gartner.com |publisher=[[Gartner]] |last3=Litan |first3=Avivah}}</ref>
 
==Version history==
The first release of Symantec Endpoint Protection was published in September 2007 and was called version 11.0.<ref name="Messmer 2007">{{cite web | last=Messmer | first=Ellen | title=Symantec revamps endpoint security product | website=Network World | date=24 September 2007 | url=https://www.networkworld.com/article/814489/lan-wan-symantec-revamps-endpoint-security-product.html | access-date=16 April 2017}}</ref> Endpoint Protection is the result of a merger of several security software products, including Symantec Antivirus Corporate Edition 10.0, Client Security, Network Access Control, and Sygate Enterprise Edition.<ref name="Messmer 2007"/> Endpoint Protection also included new features.<ref name="Messmer 2007"/> For example, it can block data transfers to unauthorized device types, such as [[USB flash drive]]s or [[Bluetooth]] devices.<ref name="Messmer 2007"/>
 
At the time, Symantec Antivirus Corporate Edition was widely criticized as having become bloated and unwieldy.<ref name="two" /> Endpoint Protection 11.0 was intended to address these criticisms.<ref name="two" /> The [[disk footprint]] of Symantec Antivirus Corporate Edition 10.0 was almost 100 MB, whereas Endpoint Protection's was projected to be 21 MB.<ref name="two" />
 
In 2009, Symantec introduced a managed service, whereby Symantec staff deploy and manage Symantec Endpoint Protection installations remotely.<ref>{{Cite web |url=http://www.networkworld.com/article/2257821/security-vulnerability-mgmt/symantec-unveils-endpoint-protection-services.html |title=Symantec unveils endpoint protection services |last=Messmer |first=Ellen |date=23 June 2009 |website=[[Network World]] |publisher=[[IDG]] |access-date=3 May 2017 |archive-date=19 May 2018 |archive-url=https://web.archive.org/web/20180519224646/https://www.networkworld.com/article/2257821/security-vulnerability-mgmt/symantec-unveils-endpoint-protection-services.html |url-status=dead }}</ref> A Small Business Edition with a faster installation process was released in 2010.<ref>{{Cite web |url=http://www.crn.com/features/security/222300110/security-in-20-minutes-really.htm |title=Security In 20 Minutes, Really |last=Moltzen |first=Edward |date=1 January 2010 |website=[[CRN (magazine)|CRN]] |publisher=The Channel Company}}</ref> In February 2011, Symantec announced version 12.0 of Endpoint Protection.<ref name="Messmer 2011">{{Cite web |url=http://www.networkworld.com/article/2199769/network-security/symantec-looks-to-protect-users-from-mutating-malware.html |archive-url=https://web.archive.org/web/20170816201424/http://www.networkworld.com/article/2199769/network-security/symantec-looks-to-protect-users-from-mutating-malware.html |url-status=dead |archive-date=16 August 2017 |title=Symantec looks to protect users from mutating malware |last=Messmer |first=Ellen |date=15 February 2011 |website=[[Network World]] |publisher=[[IDG]]}}</ref> Version 12 incorporated a cloud-based database of malicious files called Symantec Insight.<ref name="Messmer 2011" /> Insight was intended to combat [[malware]] that generates mutations of its files to avoid detection by [[Signature based detection|signature-based]] anti-malware software.<ref name="Messmer 2011" /> In late 2012, Symantec released version 12.1.2, which supports [[VMware]] vShield.<ref>{{Cite web |url=http://www.networkworld.com/article/2161783/network-security/symantec-releases-first-anti-malware-software-to-work-with-vmware-vshield-security-.html |archive-url=https://web.archive.org/web/20170816192706/http://www.networkworld.com/article/2161783/network-security/symantec-releases-first-anti-malware-software-to-work-with-vmware-vshield-security-.html |url-status=dead |archive-date=16 August 2017 |title=Symantec releases first anti-malware software to work with VMware vShield security system |last=Messmer |first=Ellen |date=3 December 2012 |website=[[Network World]] |publisher=[[IDG]]}}</ref>
 
A cloud version of Endpoint Protection was released in September 2016.<ref>{{Cite web |url=http://www.crn.com/news/security/300082061/symantec-rolls-out-new-cloud-based-endpoint-protection-solution-for-smbs.htm |title=Symantec Rolls Out New Cloud-Based Endpoint Protection Solution For SMBs |last=Kuranda |first=Sarah |date=13 September 2016 |website=[[CRN (magazine)|CRN]] |publisher=The Channel Company}}</ref> This was followed by version 14 that November.<ref name="Osborne 2016">{{Cite web |url=https://www.zdnet.com/article/symantec-launches-endpoint-protection-solution-based-on-artificial-intelligence/ |title=Symantec launches endpoint protection solution based on artificial intelligence |last=Osborne |first=Charlie |date=1 October 2016 |website=[[ZDNet]] |publisher=[[CBS Interactive]]}}</ref> Version 14 uses [[machine learning]] to find patterns in data that indicate the presence of a security threat.<ref name="Osborne 2016" /> It also adds memory exploit mitigation and performance improvements.<ref name="gartner" />
 
==Features==
Symantec Endpoint Protection is a security software suite that includes [[intrusion prevention]], [[Firewall (computing)|firewall]], and [[anti-malware]] features.<ref name="SearchSecurity20182">{{cite web | title=Symantec Endpoint Protection and the details for buyers to know | website=SearchSecurity | date=February 8, 2018 | url=http://searchsecurity.techtarget.com/feature/Antimalware-protection-products-Symantec-Endpoint-Protection | access-date=February 8, 2018}}</ref> According to ''SC Magazine'', Endpoint Protection also has some features typical of [[data loss prevention]] software.<ref name="scmag" /> The management server runs on [[Windows]], and clients are available for Windows, [[Linux]], and [[macOS]].<ref name="one">{{Cite news |url=https://www.scmagazine.com/symantec-endpoint-protection-12-v121/review/6652/ |title=Symantec Endpoint Protection 12 v12.1 |last=Stephenson |first=Peter |date=1 August 2012 |work=SC Magazine |access-date=16 April 2017 |publisher=[[Haymarket Media Group]]}}</ref> As of 2018, version 14 was the only currently supported release.<ref name="Symantec Enterprise Technical Support 2017">{{Cite web |url=https://support.symantec.com/en_US/article.TECH154475.html |archive-url=https://web.archive.org/web/20160923050424/https://support.symantec.com/en_US/article.TECH154475.html |url-status=dead |archive-date=23 September 2016 |title=Released versions of Symantec Endpoint Protection |date=16 March 2017 |website=Enterprise Technical Support |publisher=[[NortonLifeLock|Symantec]] |access-date=18 April 2017}}</ref>
 
Endpoint Protection scans computers for security threats.<ref name="SearchSecurity20182"/> It is used to prevent unapproved programs from running,<ref name="SearchSecurity20182"/> and to apply firewall policies that block or allow network traffic.<ref>{{Cite web |url=http://www.symantec.com/docs/HOWTO80961 |title=About the Symantec Endpoint Protection firewall |date=28 October 2016 |website=Enterprise Technical Support |publisher=[[NortonLifeLock|Symantec]]}}{{dead link|date=April 2024|bot=medic}}{{cbignore|bot=medic}}</ref> It attempts to identify and block malicious traffic in a corporate network or coming from a [[web browser]].<ref>{{Cite web |url=http://www.symantec.com/docs/HOWTO80870 |title=How intrusion prevention works |date=28 October 2016 |website=Enterprise Technical Support |publisher=[[NortonLifeLock|Symantec]]}}{{dead link|date=April 2024|bot=medic}}{{cbignore|bot=medic}}</ref> It uses aggregate information from users to identify malicious software.<ref name="scmag" /> As of 2016, Symantec claims to use data from 175 million devices that have installed Endpoint Security in 175 countries.<ref name="scmag" />
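The two controls named in the paragraph above, blocking unapproved programs and applying ordered allow/block firewall rules, are easiest to reason about with a small model. The following Python is an added illustration written for this article; it is not Symantec's code and does not reproduce its policy format. The rule fields, the SHA-256 allow-list, the sample rules and the sample flows are all assumptions constructed for the example. Beyond the two controls themselves, it shows a check a policy author wants when rules are evaluated in order: finding a rule that an earlier, broader rule shadows so that it can never fire.

```python
"""Toy model of an endpoint policy engine: an application allow-list and an
ordered host-firewall rule set. Generic illustration written for this article,
not Symantec's implementation or rule format."""
import hashlib
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class FwRule:
    action: str          # "allow" or "block"
    proto: str           # "tcp", "udp" or "any"
    remote: str          # remote network in CIDR form, "0.0.0.0/0" for any
    port: Optional[int]  # remote port, None for any


@dataclass(frozen=True)
class Flow:
    proto: str
    remote_ip: str
    remote_port: int


def _matches(rule: FwRule, flow: Flow) -> bool:
    if rule.proto != "any" and rule.proto != flow.proto:
        return False
    net = ipaddress.ip_network(rule.remote, strict=False)
    if ipaddress.ip_address(flow.remote_ip) not in net:
        return False
    return rule.port is None or rule.port == flow.remote_port


def evaluate_firewall(rules: List[FwRule], flow: Flow,
                      default: str = "block") -> Tuple[str, Optional[int]]:
    """First matching rule wins. Returns (decision, index of the deciding
    rule, or None when the default applied). Default-deny is the safe
    fallback for traffic that no rule describes."""
    for i, rule in enumerate(rules):
        if _matches(rule, flow):
            return rule.action, i
    return default, None


def _covers(outer: FwRule, inner: FwRule) -> bool:
    """True when every flow matching `inner` also matches `outer`."""
    outer_net = ipaddress.ip_network(outer.remote, strict=False)
    inner_net = ipaddress.ip_network(inner.remote, strict=False)
    if outer_net.version != inner_net.version:
        return False
    proto_ok = outer.proto == "any" or outer.proto == inner.proto
    port_ok = outer.port is None or outer.port == inner.port
    return proto_ok and port_ok and outer_net.supernet_of(inner_net)


def shadowed_rules(rules: List[FwRule]) -> List[Tuple[int, int]]:
    """Return (shadowed_index, shadowing_index) pairs: rules that can never
    fire because an earlier rule already matches everything they would."""
    found = []
    for j, inner in enumerate(rules):
        for i in range(j):
            if _covers(rules[i], inner):
                found.append((j, i))
                break
    return found


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def application_allowed(allowlist: set, image: bytes) -> bool:
    """Application control as a hash allow-list: anything not on the list is
    blocked, so an unknown or tampered binary fails closed."""
    return sha256_hex(image) in allowlist


# Constructed sample policy (assumption, not from any real deployment).
# Rule 1 is a mistake a policy author can make: the quarantine block sits
# after a broader allow, so it never fires.
RULES = [
    FwRule("allow", "tcp", "10.0.0.0/8", 443),    # corporate HTTPS
    FwRule("block", "tcp", "10.0.5.0/24", 443),   # quarantined subnet (shadowed)
    FwRule("allow", "udp", "10.0.0.1/32", 53),    # corporate DNS
]
FIXED_RULES = [RULES[1], RULES[0], RULES[2]]      # most specific block first

APPROVED_IMAGE = b"constructed stand-in for an approved program image"
ALLOWLIST = {sha256_hex(APPROVED_IMAGE)}


if __name__ == "__main__":
    for rules in (RULES, FIXED_RULES):
        print(evaluate_firewall(rules, Flow("tcp", "10.0.5.10", 443)),
              shadowed_rules(rules))
    print(application_allowed(ALLOWLIST, APPROVED_IMAGE),
          application_allowed(ALLOWLIST, b"unknown binary"))
```

With the constructed rules, a connection from the quarantined host 10.0.5.10 on TCP 443 is allowed by rule 0 before the block in rule 1 is ever consulted; reordering so the more specific block comes first makes the policy behave as written, and the shadowing check reports the problem before the policy is deployed.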
 
Endpoint Protection has an administrative console that allows the IT department to modify security policies for each department,<ref name="SearchSecurity20182"/> such as which programs or files to exclude from antivirus scans.<ref name="scmag" /> It does not manage mobile devices directly, but treats them as peripherals when connected to a computer and protects the computer from any malicious software on the mobile devices.<ref name="scmag" />
 
==Vulnerabilities==
In early 2012, [[source code]] for Symantec Endpoint Protection was stolen and published online.<ref name="Vijayan 2012">{{cite web | last=Vijayan | first=Jaikumar | title=Symantec confirms source code leak in two enterprise security products | website=Computerworld | date=6 January 2012 | url=http://www.computerworld.com/article/2501007/cybercrime-hacking/symantec-confirms-source-code-leak-in-two-enterprise-security-products.html | access-date=18 April 2017}}</ref> A hacker group called "[[Lords of Dharmaraja|The Lords of Dharmaraja]]" claimed credit, alleging the source code was stolen from Indian [[military intelligence]].<ref name="Akhtar 2012">{{Cite web |url=https://www.cnet.com/news/that-stolen-symantec-source-code-its-for-older-enterprise-products/ |title=That stolen Symantec source code? It's for older enterprise products |last=Akhtar |first=Iyaz |date=6 January 2012 |website=[[CNET]] |publisher=[[CBS Interactive]] |access-date=18 April 2017}}</ref> The Indian government requires vendors to submit the source code of any computer program being sold to the government, to ensure that it is not being used for [[espionage]].<ref name="Vijayan 2012"/> In July 2012, an update to Endpoint Protection caused compatibility issues, triggering a [[Blue Screen of Death]] on [[Windows XP]] machines running certain third-party [[file system]] [[Device driver|drivers]].<ref>{{Cite web |url=https://www.scmagazineuk.com/news/symantec-fixes-blue-screen-of-death-bug/article/546098/ |title=Symantec fixes 'blue screen of death' bug |last=Raywood |first=Dan |date=16 July 2012 |website=SC Magazine UK |publisher=[[Haymarket Media Group]] |access-date=16 April 2017}}</ref> In 2014, Offensive Security discovered a vulnerability in Symantec Endpoint Protection during a [[penetration test]] of a financial services organization.<ref name="Kirk 2014" /> The flaw, in the Application and Device Control driver, allowed a logged-in user to escalate privileges to system level.<ref name="Kirk 2014">{{Cite web |url=https://www.pcworld.com/article/440690/symantec-patches-privilege-escalation-flaws-in-endpoint-protection.html |title=Symantec patches privilege escalation flaws in Endpoint Protection |last=Kirk |first=Jeremy |date=5 August 2014 |website=[[PC World]] |publisher=[[IDG]]}}</ref> Symantec patched it that August.<ref name="Kirk 2014" /> In 2019, security researcher Ofir Moskovitch reported a [[race condition]] involving two core components of the Endpoint Protection client, Client Management and Proactive Threat Protection, which results in a protection-mechanism failure that can lead to a self-defense bypass; he named it "SEMZTPTN" (Symantec Endpoint Minimized Timed Protection).<ref>{{Cite web|url=https://www.youtube.com/playlist?list=PLOzYF8qeSHOmCjixOMav3cT2-xG76gtKQ|title=Symantec Endpoint Protection Vulnerability|website=YouTube}}</ref>
 
==Reception==
According to [[Gartner]], Symantec Endpoint Protection 14 is one of the more comprehensive endpoint security products available and regularly scores well in independent tests.<ref name="gartner" /> However, a common criticism is that customers are "fatigued" by "near constant changes" in the product and company direction.<ref name="gartner" /> ''SC Magazine'' said Endpoint Protection 14 was the "most comprehensive tool of its type . . . with superb installation and documentation."<ref name="scmag">{{Cite news |url=https://www.scmagazine.com/symantec-endpoint-protection-14/review/7116/ |title=Symantec Endpoint Protection 14 |last=Stephenson |first=Peter |date=22 August 2016 |work=SC Magazine |access-date=20 April 2017 |publisher=[[Haymarket Media Group]]}}</ref> The review said Endpoint Protection had a "no-brainer setup and administration," but noted a "wart" in that support fees are "a bit steep."<ref name="scmag" />
 
[[Forrester Research|Forrester]] said version 12.1 was the most complete endpoint security software product on the market, but the different IT security functions of the software were not well-integrated.<ref name="forrester">{{Cite web |url=https://www.forrester.com/report/The+Forrester+Wave+Endpoint+Security+Suites+Q4+2016/-/E-RES113145 |title=The Forrester Wave: Endpoint Security Suites, Q4 2016 |last=Sherman |first=Chris |last2=McClean |first2=Christopher |date=19 October 2016 |last3=Schiano |first3=Salvatore |last4=Dostie |first4=Peggy}}</ref> The report speculated the lack of integration would be addressed in version 14.<ref name="forrester" /> ''Network World'' ranked Symantec Endpoint Protection sixth in endpoint security products, based on data from NSS Labs testing.<ref name="Smith 2017">{{Cite web |url=http://www.networkworld.com/article/3170114/security/nss-labs-rated-13-advanced-endpoint-security-products-flagged-2-with-caution-rating.html |archive-url=https://web.archive.org/web/20170215195243/http://www.networkworld.com/article/3170114/security/nss-labs-rated-13-advanced-endpoint-security-products-flagged-2-with-caution-rating.html |url-status=dead |archive-date=15 February 2017 |title=NSS Labs rated 13 advanced endpoint security products, flagged 2 with caution rating |date=15 February 2017 |website=[[Network World]] |publisher=[[IDG]] |access-date=18 April 2017}}</ref>
 
==References==
{{Reflist}}